Table of Contents
Summary: We collect only the minimum data needed, never sell your data to third parties, and you can request deletion of your data at any time.
1. Data We Collect
Data you provide directly:
- Account information: name, email address, password (stored as a hash)
- Payment information: amount and gateway used โ we do not store credit card numbers
- Conversation content: messages you send to the AI
Data collected automatically:
- IP address, browser type
- Login times and activity
- Session cookies and "remember me" cookies
2. How We Use Data
- Provide the AI Chat service to you
- Process payments and issue invoices
- Send account-related emails (password resets, invoices)
- Improve system security (audit logs, fraud detection)
- Comply with legal requirements
We do NOT use your conversation content to train AI models.
3. Data Sharing
We share your data only with:
- AI provider (API): your messages are sent to a third-party AI provider for processing under their privacy and data-protection terms.
- BillPlz / PayPal: for processing payments only.
- Authorities: where required by Malaysian law.
We do not sell, rent, or disclose your personal data to advertisers or other third parties.
4. Data Retention
- Account data: retained while the account is active
- Conversation history: retained until you delete it or request deletion
- Transaction & invoice records: retained for 7 years (Malaysian tax requirement)
- Audit logs: retained for 2 years
- After account deletion: personal data is removed within 30 days; financial records are retained as required by law
5. Your Rights Under PDPA 2010
- โ Right of access: request a copy of your personal data
- โ Right to correction: update inaccurate information
- โ Right to deletion: request deletion of your account and data
- โ Right to object: object to processing for marketing purposes
- โ Right to portability: request an export of your data in a machine-readable format
To exercise any of these rights, contact us via the Contact Us section or use the Delete Account option in your profile settings.
6. Data Security
- Passwords are hashed using bcrypt (not readable)
- HTTPS connection with SSL/TLS
- All database queries use prepared statements
- Audit logs for all admin actions
- CSRF protection on all forms
In the event of a data breach, we will notify affected users and the Personal Data Protection Commissioner within 72 hours as required.
7. Cookies & Trackers
- Session cookies: required for login (removed when the browser is closed)
- "Remember me" cookies: active for 30 days if you choose this option
- Google Analytics: used for site statistics (if enabled) โ data is collected anonymously
You can delete cookies via your browser settings at any time.
8. AI-Related Privacy
โ ๏ธ Important warning: Do not enter sensitive personal information (national ID, bank account numbers, passwords) in AI conversations. Your messages are sent to a third-party AI provider's servers outside Malaysia for processing.
- Your conversation content is stored on our servers for session continuity
- We do not share your conversation history with other users
- You can delete any conversation at any time
9. Contact Us
Data Protection Officer
EngineAI Chat
Website: https://yourdomain.com
For privacy enquiries, PDPA complaints, or data deletion requests, please contact us via the email shown on our homepage.
You may also lodge a complaint with the Personal Data Protection Department of Malaysia at www.pdp.gov.my